// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This is a sample policy file for a bogus company.  It shows how to create
// a policy that requests certificates -- one for 802.1X wireless
// authentication and one for VPN -- to be used to establish those
// connections.  Eventually it will also show how to configure the network
// to use that policy.

// The Policy instance built in onLoad(); null until entd has called onLoad.
var policy = null;

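entd.onLoad =
function onLoad(manifest) {
  // Instantiate our policy.  The Policy object is defined by policy-utils.js,
  // which should be located in the same directory as this file.
  policy = new Policy(manifest || {});

  // Both certificates below are enrolled through the same CA web front end,
  // so its location and the credential used to talk to it are defined once
  // instead of being repeated in every csr/issuer section.
  // NOTE(review): "auth" forwards the password the user types in as an HTTP
  // credential on every CSR and issue request.  Whether policy-utils sends
  // these over HTTPS with server certificate validation is not visible from
  // this file -- confirm before replacing the "localhost" placeholder with a
  // real CA.
  var enrollHost = "localhost";
  var enrollPort = 4343;
  var enrollAuth = "%(userName):%(password)";

  // Subject used for every CSR.  %(userName) and %(userEmail) are expanded
  // by policy-utils when the request is built.
  var csrSubject = "/C=US/ST=Texas/L=Dallas/O=Example Inc/" +
      "OU=pcloadletter/CN=%(userName).corp.example.com/" +
      "emailAddress=%(userEmail)";

  // Parameters for the "Certificate Signing Request" request.  |template| is
  // the CA certificate template name sent in the CertAttribute POST
  // parameter; it is the only thing that differs between the two certs.
  function csrParams(template) {
    return {
      subject: csrSubject,

      // Used to build the URL where we should send the CSR.
      host: enrollHost,
      port: enrollPort,
      auth: enrollAuth,
      path: "/csr",

      // HTTP POST parameters to use when submitting the request.
      post_params: {
        CertRequest: "%(csr)",
        CertAttribute: "CertificateTemplate:" + template,
        email: "%(userEmail)",
        SAN: "upn=%(userName)@corp.example.com"
      }
    };
  }

  // Parameters for the request that fetches the issued certificate.
  // %(requestId) is the value parseCSR() scraped from the CSR reply and is
  // substituted into the query string as-is; whether policy-utils URL-encodes
  // it is not visible here, so parseCSR() should only accept URL-safe values.
  function issuerParams() {
    return {
      // Used to build the URL where we should present the CSR in order
      // to get the cert.
      host: enrollHost,
      port: enrollPort,
      auth: enrollAuth,
      path: "/issue?id=%(requestId)"
    };
  }

  // Variables the user is prompted for.  Map of variable name to the
  // attributes used to render its input widget.  The password collected here
  // is what enrollAuth above forwards to the CA.
  function userVariables() {
    return {
      password: { type: "password", label: "Password" }
    };
  }

  // Set up some certs we might be interested in.  We don't automatically set
  // these up, this is only the menu of certs that can be mentioned in the
  // manifest file.  The list of certs we set up is stored in
  // the array located at manifest.policyParams.certs.  The array
  // should contain a list of "local identifiers" as defined below.
  policy.addCertificate(
      // Local identifier for the certificate, not persisted to the TPM.
      "wifi",
      { // Human readable label associated with this cert in the TPM.
        label: "802.11x Wireless",

        // Object ID associated with this cert in the TPM.
        id: 1,

        // This function will be called when the certificate is successfully
        // installed.  Hooked up to Policy.prototype.onWifiCertInstalled below.
        "onInstall": util.fwdp(policy, "onWifiCertInstalled"),

        userVariables: userVariables(),
        csr: csrParams("Wireless802.1xUser"),
        issuer: issuerParams()
      });

  policy.addCertificate(
      "vpn",
      { // Human readable label associated with this cert in the TPM.
        label: "Virtual Private Network (VPN)",

        // Object ID associated with this cert in the TPM.
        id: 2,

        // No onInstall hook: nothing is configured with the VPN cert yet.
        userVariables: userVariables(),
        csr: csrParams("VPNUser"),
        issuer: issuerParams()
      });

  entd.callbackServer.start(policy.callbacks);
}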

// Called when entd stops for any reason.  You might perform some cleanup like
// unconfiguring wireless networks here.
entd.onUnload =
function onUnload() {
  // Nothing is torn down yet; just leave a trace in the system log so an
  // operator can see that the policy was unloaded.
  var log = entd.syslog;
  log.info("onUnload called.");
}

// This function will be called after a successful CSR request.  It should
// inspect the response (most likely response.content) and extract any
// variables that might be needed to form the certificate issue request.
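Policy.Certificate.prototype.parseCSR =
function parseCSR(response) {
  // The CSR reply is scraped as text, so a missing or non-string body is
  // reported as a parse failure instead of surfacing as a TypeError from
  // .match().
  var content = response && response.content;
  if (typeof content !== "string")
    throw new Error("CSR reply has no text content to parse.");

  // Scrape the result looking for a ReqID...
  var ary = content.match(/\WReqID=([^&]+)/i);
  if (!ary)
    throw new Error("Unable to locate request id in CSR reply.");

  var requestId = ary[1];

  // The id is substituted verbatim into the issuer path ("/issue?id=...",
  // see onLoad above).  Whether policy-utils URL-encodes it is not visible
  // here, so only accept values that need no encoding; anything else means
  // the scrape matched the wrong thing or the CA reply is malformed.  The
  // rejected value is deliberately not echoed into syslog.
  if (encodeURIComponent(requestId) !== requestId)
    throw new Error("Request id in CSR reply contains non URL-safe characters.");

  this.info("Parsed request id: " + requestId);
  this.setVariable("requestId", requestId);
}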

// Called when the wifi certificate is successfully installed for the first
// time, and every time entd starts up and notices that this certificate has
// already been installed.  If the firstInstall parameter is true, then
// this is the first time the certificate has been installed.
//
// This is hooked up in the addCertificate() call above.
Policy.prototype.onWifiCertInstalled =
function onWifiCertInstalled(cert, firstInstall) {
  // Record the event; firstInstall distinguishes a fresh enrollment from
  // entd noticing an already-installed cert at startup.
  var message = "onWifiCertInstalled called: firstInstall: " + firstInstall;
  entd.syslog.info(message);

  // The freshly acquired certificate (|cert|) is not used yet.  A real policy
  // would configure the wireless network with it here.
}
